package com.lwt.config;

import com.lwt.po.User;
import com.lwt.service.UserService;
import org.apache.shiro.authc.*;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.springframework.beans.factory.annotation.Autowired;

/**
 * @program: springboot-06-shiro
 * @author: 关键我是大怪
 * @create: 2021-07-02 16:32
 */
//自定义的UserRealm
public class UserRealm extends AuthorizingRealm {


    @Autowired
    UserService userService;

    //授权
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        return null;
    }

    // 认证
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {

        //连接真实的数据库
        UsernamePasswordToken usertoken = (UsernamePasswordToken) token;
        User user = userService.queryUserByName(usertoken.getUsername());
        if (user == null) {//没有这个人
            return null;
        }

        //可以加密：MD5 MD5盐值加密

        //密码认证：shiro自己做
        return new SimpleAuthenticationInfo(user, user.getPassword(), getName());
    }
}
